Slide 1: DC & CN II
LECTURE 3
Local Area Networks
Slide 2: Generic Data Link Frame Format
Preamble or Start Field
When computers are connected to a physical medium, there must be a way for them to grab the attention of other computers and announce, "Here comes a frame!" Different technologies do this in different ways, but all frames, regardless of technology, begin with a signaling sequence of bytes: 10101010 ... 10101010.
Depending on the frame format: Preamble = 7 bytes, Start (or Start of Frame) Delimiter (SFD) = 1 byte, 10101011.
Slide 3: Generic Data Link Frame Format
Address Field
The destination address can be unicast, multicast, or broadcast. The Source Address field contains the MAC source address. The source address is generally the unicast address of the Ethernet node that transmitted the frame.
Unicast address – Single device
Broadcast address – All devices
Multicast address – Specific group of devices
Slide 4: Generic Data Link Frame Format
Type Field
Usually information indicating the layer 3 protocol carried in the data field, e.g. an IP packet.
Length Field
In some frame formats such as 802.3, there is a length field which specifies the exact length of a
Slide 5: Generic Data Link Frame Format
Data Field
The maximum transmission unit (MTU) for Ethernet is 1500 octets, so the data should not exceed that size. The content of this field is unspecified. An unspecified amount of data is inserted immediately after the user data when there is not enough user data for the frame to meet the minimum frame length. This extra data is called a pad. Ethernet requires each frame to be between 64 and 1518 octets.
Slide 6: Generic Data Link Frame Format
FCS
Used to ensure that the data has arrived without corruption. More efficient than sending the data twice and comparing the results. Necessary to prevent errors.
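The fields from Slides 2 to 6, put together as an added example that is not part of the original slides: it builds a frame, pads it to the 64-octet minimum, appends the FCS, and then validates and splits a received frame. The function names and the sample addresses are constructed for illustration; the preamble and SFD are left out because the receiving hardware strips them.

```python
import struct
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518   # octets, preamble and SFD not counted
HEADER_LEN, FCS_LEN = 14, 4       # 6 dst + 6 src + 2 type/length; 4-octet FCS

def build_frame(dst, src, type_or_len, data):
    """Assemble header + data, pad up to the minimum size, append the FCS."""
    pad = max(0, MIN_FRAME - HEADER_LEN - FCS_LEN - len(data))
    body = dst + src + struct.pack("!H", type_or_len) + data + bytes(pad)
    # Ethernet's FCS is a CRC-32, sent least significant octet first.
    return body + struct.pack("<I", zlib.crc32(body))

def fcs_ok(frame):
    """Recompute the CRC over everything before the FCS and compare."""
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    return struct.pack("<I", zlib.crc32(body)) == fcs

def address_kind(mac):
    if mac == b"\xff" * 6:
        return "broadcast"
    # The low bit of the first octet marks a group (multicast) address.
    return "multicast" if mac[0] & 0x01 else "unicast"

def parse_frame(frame):
    """Return the frame's fields, or raise ValueError if it must be discarded."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"invalid frame size: {len(frame)} octets")
    if not fcs_ok(frame):
        raise ValueError("FCS mismatch")
    dst, src = frame[0:6], frame[6:12]
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    data = frame[HEADER_LEN:-FCS_LEN]
    if type_or_len <= 1500:
        # 802.3 length field: it says how much is user data, the rest is pad.
        field, data = "length", data[:type_or_len]
    elif type_or_len >= 0x0600:
        # Type field: the pad cannot be told apart here; layer 3 trims it.
        field = "type"
    else:
        raise ValueError("type/length value is neither a length nor a type")
    return {"dst": dst, "dst_kind": address_kind(dst), "src": src,
            field: type_or_len, "data": data}

# Constructed sample: a 5-octet payload sent to the broadcast address.
SAMPLE = build_frame(b"\xff" * 6, bytes.fromhex("02005e000001"), 5, b"hello")
```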
Slide 7: Devices and their layers
Hosts and servers operate at Layers 2-7; they perform the encapsulation process.
Routers: Layers 1 through 3, make decisions at layer 3
Switches and NICs: Layers 1 and 2, make decisions at layer 2
Hubs and transceivers: Layer 1, no decisions to make
Slide 8: Fast Ethernet
The two technologies that have become important are 100BASE-TX, which is a copper UTP medium, and 100BASE-FX, which is a multimode optical fiber medium. The 100-Mbps frame format is the same as the 10-Mbps frame. A fiber version could be used for backbone applications, connections between floors, buildings where copper is less desirable, and also in high-noise environments. 100BASE-FX was introduced to satisfy this desire.
Slide 9: Gigabit Ethernet
As Fast Ethernet was installed to increase bandwidth to workstations, it began to create bottlenecks upstream in the network. The 1000BASE-T standard, which is IEEE 802.3ab, was developed to provide additional bandwidth to help alleviate these bottlenecks. It provided more throughput for devices such as intra-building backbones, inter-switch links, server farms, and other wiring closet applications as well as connections
Slide 10: 1000BASE-T uses all four pairs of wires instead of the traditional two pairs of wires used by 10BASE-T and 100BASE-TX. This provides 250 Mbps per pair. With all four wire pairs, this provides the desired 1000 Mbps. 1000BASE-T supports both half-duplex and full-duplex operation. The use of full-duplex 1000BASE-T is widespread.
Slide 11: LAN Standards
Slide 12: Transparent Bridge Process
1. Receive packet.
2. Learn source address or refresh aging timer.
3. Is the destination a broadcast, multicast or unknown unicast? Yes: flood packet. No: continue.
4. Are the source and destination on the same interface? Yes: filter packet. No: continue.
5. Forward unicast to correct port.
Slide 13:
Slide 14: Transparent bridges forward frames when necessary and do not forward when there is no need to do so, thus reducing overhead. Transparent bridges perform three actions:
Learning MAC addresses by examining the source MAC address of each frame received by the bridge
Deciding when to forward a frame or when to filter (not forward) a frame, based on the destination MAC address
Creating a loop-free environment with other bridges by using the Spanning Tree Protocol
Slide 15: Switches
Switch data frames - The process of receiving a frame on a switch interface, selecting the correct forwarding switch port(s), and forwarding the frame.
Maintain switch operations - Switches build and maintain forwarding tables. Switches also construct and maintain a loop-free topology across the LAN.
Slide 16: A frame is received.
If the destination is a broadcast or multicast, forward on all ports.
If the destination is a unicast and the address is not in the address table, forward on all ports.
If the destination is a unicast and the address is in the address table, and if the associated interface is not the interface in which the frame arrived, forward the frame.
Slide 17: Switching methods
Cut-through
The frame is forwarded through the switch before the entire frame is received. At a minimum the frame destination address must be read before the frame can be forwarded. This mode decreases the latency of the transmission, but also reduces error detection.
Slide 18: Store-and-forward
The entire frame is received before any forwarding takes place. The destination and source addresses are read. Latency is greater with larger frames because the entire frame must be received before the switching process begins. The switch is able to check the entire frame for errors, which allows more error detection.
Slide 19: Fragment-free
Fragment-free switching waits until the packet is determined not to be a collision fragment before forwarding. Filters out collision fragments before forwarding begins. Collision fragments are the majority of packet errors. Anything greater than 64 bytes is a valid packet and is usually received without error.
Slide 20: Configuration of Switches (Cisco Catalyst 2950)
Slide 21:
Slide 22: User EXEC mode and Privileged EXEC mode.
Slide 23: show running-config
Slide 24: show interface
Slide 25: Applying Passwords
Slide 26: Set IP Address and Default Gateway
To allow the switch to be accessible by Telnet and other TCP/IP applications, IP addresses and a default gateway should be set. By default, VLAN 1 is the management VLAN. (more later)
Slide 27: Set Port Speed and Duplex Settings
The Fast Ethernet switch ports default to:
auto-speed
auto-duplex
This allows the interfaces to negotiate these settings. When a network administrator needs to ensure an interface has particular speed and duplex values, the values can be set manually.
Slide 28:
Slide 29: Managing the MAC address table
Switches examine the source address of frames that are received on the ports to learn the MAC addresses of the PCs or workstations that are connected to them. These learned MAC addresses are then recorded in a MAC address table. Frames that have a destination MAC address that has been recorded in the table can be switched out to the correct interface.
Slide 30: A switch dynamically learns and maintains thousands of MAC addresses. To preserve memory and for optimal operation of the switch, learned entries may be discarded from the MAC address table. If no frames are seen with a previously learned address, the MAC address entry is automatically discarded or aged out after 300 seconds.
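The learn, flood, filter and forward decisions from Slides 12 to 16, together with the 300-second aging from Slide 30, as an added example that is not part of the original slides. The class and function names, port numbers and MAC addresses are constructed for illustration; flooding here means every port except the one the frame arrived on.

```python
AGING_SECONDS = 300   # aging time given on the slide
BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_group(mac):
    """True for broadcast and multicast (low bit of the first octet set)."""
    return int(mac.split(":")[0], 16) & 1 == 1

class Bridge:
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}   # MAC address -> (port, time last seen)

    def age_out(self, now):
        """Discard entries not refreshed within the aging time."""
        self.table = {mac: (port, seen)
                      for mac, (port, seen) in self.table.items()
                      if now - seen < AGING_SECONDS}

    def receive(self, in_port, src, dst, now):
        """Process one frame; return (action, list of output ports)."""
        self.age_out(now)
        self.table[src] = (in_port, now)   # learn, or refresh the aging timer
        if is_group(dst) or dst not in self.table:
            # Broadcast, multicast or unknown unicast: flood.
            return "flood", sorted(self.ports - {in_port})
        out_port = self.table[dst][0]
        if out_port == in_port:
            return "filter", []            # source and destination share a port
        return "forward", [out_port]

def run_trace():
    """Constructed traffic: hosts A and C on port 1, host B on port 2."""
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    bridge = Bridge([1, 2, 3])
    frames = [
        (1, a, b, 0),            # B not learned yet
        (2, b, a, 1),            # A was learned on port 1
        (1, c, a, 2),            # A and C are both on port 1
        (2, b, BROADCAST, 3),    # broadcast
        (2, b, a, 400),          # A's entry has aged out by now
    ]
    return [bridge.receive(*frame) for frame in frames]
```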
Slide 31:
Slide 32: Managing the MAC address table
Rather than wait for a dynamic entry to age out, the administrator has the option to use the privileged EXEC command clear mac-address-table.
Slide 33: Configuring static MAC addresses
The reasons for assigning a permanent MAC address to an interface include:
The MAC address will not be aged out automatically by the switch.
A specific server or user workstation must be attached to the port and the MAC address is known.
Security is enhanced.
Slide 34: Configuring port security
Access layer switch ports are accessible through the structured cabling at wall outlets. Anyone can plug a PC or laptop into one of these outlets. This is a potential entry point to the network for unauthorized users. Switches provide a feature called port security. It is possible to limit the number of addresses that can be learned on an interface. The switch can be configured to take an action if this limit is exceeded.
Slide 35: Secure MAC Addresses
The switch supports these types of secure MAC addresses:
Static secure MAC addresses: These are manually configured by using the switchport port-security mac-address mac-address interface configuration command, stored in the address table, and added to the switch running configuration.
Dynamic secure MAC addresses: These are dynamically configured, stored only in the address table, and removed when the switch restarts.
Slide 36:
Sticky secure MAC addresses: These are dynamically configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, when the switch restarts, the interface does not need to dynamically reconfigure them.
Slide 37: 2950 Security Commands
Set the interface mode as access.
Switch(config-if)# switchport mode access
Set the maximum number of secure MAC addresses for the interface. The range is 1 to 132; the default is 1.
Switch(config-if)# switchport port-security maximum value
Slide 38: Enter a static secure MAC address for the interface, repeating the command as many times as necessary.
Switch(config-if)# switchport port-security mac-address mac-address
The secure addresses that were dynamically learned are converted to sticky secure MAC addresses and are added to the running configuration.
Switch(config-if)# switchport port-security mac-address sticky
Slide 39: Configure what the port does if there is a security violation.
Switch(config-if)# switchport port-security violation {shutdown | restrict | protect}
shutdown: The interface is error-disabled when a security violation occurs.
restrict: A security violation sends a trap to the network management station.
protect: When the port secure addresses reach the allowed limit on the port, all packets with unknown addresses are dropped.
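How the settings from Slides 34 to 39 interact, as an added example that is not part of the original slides and not Cisco's implementation: a small model of one port with a secure-address limit, the three violation modes, and the difference between static, dynamic and sticky addresses across a restart. The class, its method names and the MAC addresses are constructed; config_saved is assumed to mean the running configuration was saved to the configuration file before the restart.

```python
class SecurePort:
    """Toy model of one access port with port security enabled."""

    def __init__(self, maximum=1, violation="shutdown", sticky=False):
        if not 1 <= maximum <= 132:          # range given on the slide
            raise ValueError("maximum must be between 1 and 132")
        if violation not in ("shutdown", "restrict", "protect"):
            raise ValueError("unknown violation mode")
        self.maximum, self.violation, self.sticky = maximum, violation, sticky
        self.static = set()      # manually configured secure addresses
        self.learned = set()     # dynamic, or sticky when self.sticky is set
        self.err_disabled = False
        self.traps = []          # source MACs reported to the management station

    def add_static(self, mac):
        if len(self.static | self.learned) >= self.maximum:
            raise ValueError("secure address limit reached")
        self.static.add(mac)

    def receive(self, src):
        """Return 'forward' or 'drop' for a frame with source MAC src."""
        if self.err_disabled:
            return "drop"                    # port stays down until re-enabled
        secure = self.static | self.learned
        if src in secure:
            return "forward"
        if len(secure) < self.maximum:
            self.learned.add(src)            # room left: learn the address
            return "forward"
        if self.violation == "shutdown":     # limit reached: security violation
            self.err_disabled = True
        elif self.violation == "restrict":
            self.traps.append(src)           # the unknown frame is still dropped
        return "drop"                        # protect only drops

    def survives_restart(self, config_saved):
        """Secure addresses still configured after the switch restarts."""
        if not config_saved:
            return set()
        return self.static | (self.learned if self.sticky else set())

def demo():
    """Constructed scenario: a known laptop, an unknown device, the laptop again."""
    port = SecurePort(maximum=1, violation="restrict", sticky=True)
    macs = ("02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0a")
    results = [port.receive(mac) for mac in macs]
    return results, port.traps, port.survives_restart(config_saved=True)
```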
Slide 40: THE END